CompTIA CASP+ (CAS-004) — Question 641

After investigating a recent security incident, a SOC analyst is charged with creating a reference guide for the entire team to use. Which of the following should the analyst create to address future incidents?

Answer options

• A. Root cause analysis
• B. Communication plan
• C. Runbook
• D. Lessons learned

Correct answer: C

Explanation

A Runbook is a detailed guide that outlines the procedures and tasks necessary for handling specific incidents, making it the best choice for addressing future incidents. A Root cause analysis focuses on understanding the underlying issues of past incidents, not on providing a procedural guide. A Communication plan outlines how to convey information during incidents, while Lessons learned summarize past experiences but do not provide actionable steps for future incidents.